npm - @seanmozeik/tripwire - Versions diffs - 0.5.0 → 0.5.2 - Mend

@seanmozeik/tripwire 0.5.0 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/tripwire.js.jsc CHANGED Viewed

Binary file

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@seanmozeik/tripwire",
-  "version": "0.5.0",
+  "version": "0.5.2",
   "description": "Opinionated hooks dispatcher for AI coding agents with configurable safety rules",
   "license": "MIT",
   "bin": {

package/src/cli.ts CHANGED Viewed

@@ -14,14 +14,31 @@
 //   Bun src/cli.ts install pi
 //   Bun src/cli.ts install all
+import { resolve } from 'node:path';
 import { BunServices } from '@effect/platform-bun';
+import { file } from 'bun';
 import { Effect, Option } from 'effect';
 import { Argument, Command, Flag } from 'effect/unstable/cli';
 import pkg from '../package.json' with { type: 'json' };
 import { installAll, installClaude, installCodex, installPi } from './lib/install';
-const DISPATCH_BIN = `${import.meta.dir}/../dist/tripwire.js`;
+// Resolve tripwire-hook path relative to this CLI's installed location
+const cliDir = import.meta.dirname;
+// Try installed location first (both binaries in same dir), fall back to dev location
+const installedPath = resolve(cliDir, 'tripwire-hook');
+const devPath = resolve(cliDir, '../dist/tripwire.js');
+const dispatchBin = async (): Promise<string> => {
+  try {
+    // Check if installed path exists
+    await file(installedPath).text();
+    return installedPath;
+  } catch {
+    return devPath;
+  }
+};
 interface BuiltEvent {
   hook_event_name: string;
@@ -89,10 +106,11 @@ const runTest = (config: {
   readonly stdout: string | undefined;
   readonly tool: string;
 }): Effect.Effect<void> =>
-  Effect.sync(() => {
+  Effect.gen(function* () {
     const { command, content, path, post, stderr, stdout, tool } = config;
     const event = buildEvent({ tool, post, command, path, stdout, stderr, content });
-    const result = Bun.spawnSync([DISPATCH_BIN], {
+    const bin = yield* Effect.promise(() => dispatchBin());
+    const result = Bun.spawnSync([bin], {
       stdin: new TextEncoder().encode(JSON.stringify(event)),
       timeout: 10_000,
       stdout: 'pipe',

package/src/lib/bash.ts CHANGED Viewed

@@ -288,6 +288,35 @@ const maskLiteralHeredocBodies = (cmd: string): string => {
   return out.join('\n');
 };
+// Side-channel for static-string lookup. Mask-protected rules (hasBypass,
+// Bash-deny scanning) must never see heredoc body characters — a body
+// Containing `# tripwire-allow` or `rm -rf /` would slip past them.
+// `unwrapStaticString` still needs the original body of `$(cat <<EOF ... EOF)`
+// To validate the wrapped commit message. Keep masking universal, and pass
+// The original-body lookup through a separate channel only the static-string
+// Extractor consults.
+const collectHeredocBodies = (cmd: string): ReadonlyMap<string, string> => {
+  const map = new Map<string, string>();
+  const lines = cmd.split('\n');
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i]!;
+    const delimiter = heredocDelimiterFromLine(line);
+    if (delimiter === null || heredocFeedsShell(line)) {
+      continue;
+    }
+    const body: string[] = [];
+    i++;
+    while (i < lines.length && lines[i]!.trim() !== delimiter) {
+      body.push(lines[i]!);
+      i++;
+    }
+    if (!map.has(delimiter)) {
+      map.set(delimiter, body.join('\n'));
+    }
+  }
+  return map;
+};
 const extractShellHeredocCommands = (cmd: string): string[] => {
   const lines = cmd.split('\n');
   const out: string[] = [];
@@ -653,10 +682,18 @@ const extractExecCommands = (seg: Segment): string[] => {
 const HEREDOC_SUBST_RE = /\$\(\s*cat\s+<<-?\s*['"]?(\w+)['"]?\s*\n([\s\S]*?)\n\s*\1\s*\)/u;
 const ECHO_PRINTF_SUBST_RE = /\$\(\s*(?:printf|echo)\s+(?:-[a-zA-Z]+\s+)*'([^']*)'/u;
-const unwrapStaticString = (value: string): string => {
+const unwrapStaticString = (value: string, heredocBodies?: ReadonlyMap<string, string>): string => {
   const heredoc = HEREDOC_SUBST_RE.exec(value);
   if (heredoc !== null) {
-    return heredoc[2] ?? value;
+    const captured = heredoc[2] ?? value;
+    if (heredocBodies !== undefined && captured.trim() === '__HEREDOC_BODY__') {
+      const delimiter = heredoc[1];
+      const real = delimiter === undefined ? undefined : heredocBodies.get(delimiter);
+      if (real !== undefined) {
+        return real;
+      }
+    }
+    return captured;
   }
   const printf = ECHO_PRINTF_SUBST_RE.exec(value);
   if (printf !== null) {
@@ -958,11 +995,18 @@ const safeScopesSummary = (
     .join('\n');
 };
-const hasBypass = (cmd: string): boolean => /(^|\s)#\s*tripwire-allow\b/.test(cmd);
+// Mask heredoc bodies before scanning, otherwise a `# tripwire-allow`
+// Smuggled inside a heredoc body (e.g. a commit message piped via
+// `$(cat <<EOF ... EOF)`) disarms every rule for the surrounding command.
+// A legitimate bypass marker sits on the actual command line, which the
+// Mask leaves intact.
+const hasBypass = (cmd: string): boolean =>
+  /(^|\s)#\s*tripwire-allow\b/.test(maskLiteralHeredocBodies(cmd));
 export type { Redirect, Segment };
 export {
   EXEC_SPECS,
+  collectHeredocBodies,
   hasBypass,
   isSafePathTarget,
   parseCommand,

package/src/rules/bash-git.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { type Segment, hasBypass, unwrapStaticString } from '../lib/bash';
+import { type Segment, collectHeredocBodies, hasBypass, unwrapStaticString } from '../lib/bash';
 import type { GitConfig } from '../lib/config';
 import { type Decision, allow, ask, deny, warn } from '../lib/decision';
@@ -107,21 +107,24 @@ const parseGit = (seg: Segment): GitInvocation | null => {
   return null;
 };
-const messageOf = (subArgs: readonly string[]): string | null => {
+const messageOf = (
+  subArgs: readonly string[],
+  heredocBodies?: ReadonlyMap<string, string>,
+): string | null => {
   for (let i = 0; i < subArgs.length; i++) {
     const t = subArgs[i]!;
     if (t === '-m' || t === '--message') {
       const raw = subArgs[i + 1];
-      return raw === undefined ? null : unwrapStaticString(raw);
+      return raw === undefined ? null : unwrapStaticString(raw, heredocBodies);
     }
     if (t.startsWith('--message=')) {
-      return unwrapStaticString(t.slice('--message='.length));
+      return unwrapStaticString(t.slice('--message='.length), heredocBodies);
     }
     // Combined short flags like `-am`, `-ma`, `-amS` carry the message
     // In the next positional arg — same as `-m` alone.
     if (/^-[a-zA-Z]*m[a-zA-Z]*$/.test(t)) {
       const raw = subArgs[i + 1];
-      return raw === undefined ? null : unwrapStaticString(raw);
+      return raw === undefined ? null : unwrapStaticString(raw, heredocBodies);
     }
   }
   return null;
@@ -153,6 +156,7 @@ interface HandlerCtx {
   readonly flags: readonly string[];
   readonly positional: readonly string[];
   readonly config: GitConfig;
+  readonly heredocBodies: ReadonlyMap<string, string>;
 }
 type Handler = (ctx: HandlerCtx) => Decision;
@@ -306,14 +310,14 @@ const handleMerge: Handler = ({ subArgs }) => {
   return ask('git-merge', '`git merge <branch>` may create merge conflicts. Confirm intent.');
 };
-const handleCommit: Handler = ({ subArgs, config }) => {
+const handleCommit: Handler = ({ subArgs, config, heredocBodies }) => {
   if (has(subArgs, '--amend')) {
     return deny(
       'git-commit-amend',
       '`git commit --amend` rewrites the last commit. If it has been pushed, this causes upstream divergence. Refuse — surface the intent.',
     );
   }
-  const msg = messageOf(subArgs);
+  const msg = messageOf(subArgs, heredocBodies);
   const hasFile = has(subArgs, '-F', '--file', '-c', '-C', '--reuse-message', '--reedit-message');
   const hasNoEdit = has(subArgs, '--no-edit');
   if (msg === null && !hasFile && !hasNoEdit) {
@@ -511,7 +515,11 @@ const HANDLERS: ReadonlyMap<string, Handler> = new Map<string, Handler>([
   ],
 ]);
-const evalGit = (inv: GitInvocation, config: GitConfig): Decision | null => {
+const evalGit = (
+  inv: GitInvocation,
+  config: GitConfig,
+  heredocBodies: ReadonlyMap<string, string>,
+): Decision | null => {
   const { subcommand, subArgs } = inv;
   const flags = flagsOf(subArgs);
   const positional = positionalOf(subArgs);
@@ -566,7 +574,7 @@ const evalGit = (inv: GitInvocation, config: GitConfig): Decision | null => {
   const handler = HANDLERS.get(subcommand);
   if (handler !== undefined) {
-    return handler({ subcommand, subArgs, flags, positional, config });
+    return handler({ subcommand, subArgs, flags, positional, config, heredocBodies });
   }
   return warn(
     'git-unknown-subcommand',
@@ -578,12 +586,13 @@ const bashGit = (segments: readonly Segment[], cmd: string, config: GitConfig):
   if (hasBypass(cmd)) {
     return allow('bash-git');
   }
+  const heredocBodies = collectHeredocBodies(cmd);
   for (const seg of segments) {
     const inv = parseGit(seg);
     if (inv === null) {
       continue;
     }
-    const d = evalGit(inv, config);
+    const d = evalGit(inv, config, heredocBodies);
     if (d !== null && d.kind !== 'allow') {
       return d;
     }